CVE-2021-38263

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-38263
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38263.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-38263
Aliases
Published
2022-03-03T00:15:07Z
Modified
2025-07-15T19:27:01.151703Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Affected versions

6.*

6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-rc1
6.2.0-b1
6.2.0-b2
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6

7.*

7.0.0-a1
7.0.0-a2
7.0.0-a3
7.0.0-a4
7.0.0-a5
7.0.0-b1
7.0.0-b2
7.0.0-b3
7.0.0-b4
7.0.0-b5
7.0.0-b6
7.0.0-b7
7.0.0-ga1
7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.0.0-m6
7.0.0-m7
7.0.1-ga2
7.0.2-ga3
7.0.3-ga4
7.0.4-ga5
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-ga1
7.1.0-m1
7.1.0-m2
7.1.0-rc1
7.1.2-ga3
7.2.0-a1
7.2.0-b1
7.2.0-b2
7.2.0-b3
7.2.0-ga1
7.2.0-m2
7.2.0-rc2
7.2.0-rc3
7.2.1-ga2
7.3.0-ga1
7.3.1-ga2
7.3.2-ga3

sync-3.*

sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1